Martin Raepple

SAP TechEd ’08: Web Services SSO in a heterogeneous SOA landscape

Ever wondered how to control access to the various services in an Enterprise SOA without having your users keep long lists of passwords that they must remember for daily tasks? What are best practices in the industry to design a flexible and secure solution? And how does your architecture still prove to be a solid approach in heterogeneous landscapes where consumers (e.g. a composite application) may have to call several services on different platforms within the organization and across its boundaries?

If you are planning or implementing an Enterprise SOA, I’m sure that you have been asked these types of questions many times. Session SIM207 (“Towards Interoperable SSO for Web Services”) at SAP TechEd in Las Vegas and Berlin will provide you with the answers. Administrators, architects or developers will learn how to solve the Single Sign-On (SSO) issue in heterogeneous landscapes based on industry-wide accepted standards supported by SAP NetWeaver and other platforms.

My colleague Stefanie Garcia-Laule and I invite you to take a two-hour journey into the world of Enterprise SOA and Single Sign-On (SSO) that will cover the following topics:

  • Standards-based SSO for Web Services
  • New features for Web Services SSO in SAP NetWeaver
  • Enterprise SOA SSO in practice


Figure 1: Heterogeneous ESOA security scenario demonstrated at TechEd 08 SIM207

We’ll start our session with an introduction of the fundamental concepts and technologies, but our main objective is to give you an early and practical insight into the upcoming features in SAP NetWeaver and how to use them for Web Services SSO in a real-world ESOA scenario. In an online demo (see figure 1 above), we’ll show how to build a service-based solution in a heterogeneous environment, including Microsoft .NET 3.0 and Excel serving as the frontend on the consumer side and an ABAP-based Web Service provider running on the SAP NetWeaver Application Server, requiring strong authentication from any service consumer. To deliver on the promise of Single Sign-On in this scenario, the user will only have to authenticate once at the initial Windows desktop logon, and the security session will be obtained across system and domain boundaries based on the SAML Token Profile standard that provides interoperability between both platforms.

Get ready for this practical, hands-on advice on industry-driven, interoperable design for secure heterogeneous ESOA landscapes. We hope to see you at SAP TechEd in Las Vegas or Berlin!

Please click here to download the complete source code archive of the demo scenario.


      6 Comments
      Former Member
      Dear Sirs, with reference to the attached code, I need to know the password for the certificate SAMLSTS.p12, so I may install on computer.

      Thanks in advance

      Martin Raepple
      Blog Post Author
      Hi Maurizio,

      please try the password "secret" to install the certificate.

      Best regards
      Martin

      Former Member
      Hi Martin,

      First I want to thank you for your previous answer.

      About the certificates I still have a doubt:

      SAMLSTS & SAMLConsumer referencing "Trusted CA": I found the relative certificate -> works fine
      WSS ABAP referencing "WS Security Test CA": I could not find the certificate.
      Where can I find it?

      Thanks in advance
      Maurizio Rocca

      Martin Raepple
      Blog Post Author
      Hi Maurizio,

      I created a PKCS#7 file for WSS ABAP which contains the full chain of certificates, including the Test CA certificate. You can download the file from https://sapmats-de.sap-ag.de/download/download.cgi?id=4AZVFBFK1BIZY2NY7NAJZ59NPPKN1T0KPM6MF2UEUGLZUNY9D6

      Best regards
      Martin

      Former Member
      Hi Martin,

      I imported your new certificate, same result.
      By opening the certificate, I get these infos (identical to wss abap.cer)

      General tab:
      > Insufficient information to verify the certificate
      certification path tab, certificate state:
      > Could not find the issuer of the certificate

      Best regards
      Maurizio Rocca

      Martin Raepple
      Blog Post Author
      Hi Maurizio,

      here is another link to download only the Test CA certificate: https://sapmats-de.sap-ag.de/download/download.cgi?id=LOFJCEDY274ORHJZ4FPEJCIKAP3SZ2QIRVGW31DIH4OEG3GLAP

      Best regards
      Martin